path: root/sys/openbsd
Commit log. Each entry: commit subject (author, date, files changed, lines removed/added), followed by the commit message body.
* sys/openbsd: sync fd range (Anton Lindqvist, 2022-01-27, 1 file, -11/+8)
  The executor uses more file descriptors by now.
* sys/openbsd: remove padding argument (Anton Lindqvist, 2022-01-03, 3 files, -8/+8)
  More info here: https://marc.info/?l=openbsd-cvs&m=164028539524813&w=2
* sys/openbsd: neutralize sysctl kern.maxfiles (Anton Lindqvist, 2021-12-26, 2 files, -0/+14)
  Yet another root only knob that can cause the syz-execprog process to run out of resources[1].
  [1] https://syzkaller.appspot.com/bug?id=08745ec898fac9de9164bcc4d03bf62a078f56ab
* sys: remove confusing comments that fake directives (Dmitry Vyukov, 2021-11-12, 2 files, -2/+0)
  It's a somewhat common mistake to write comments instead of directives:
    #include <foo>
    #define FOO BAR
  because that's how it's done in C. In preparation for warning about such cases remove all existing comments that fake directives.
* sys/openbsd: regenerate const files (Anton Lindqvist, 2021-07-01, 42 files, -1189/+1212)
* sys/openbsd: add vnd descriptions (#2636) (Anton Lindqvist, 2021-06-30, 3 files, -1/+40)
    * sys/openbsd: add vnd descriptions
    * sys/openbsd: sync wsmousecfg_flags
* sys: commit empty source files (Dmitry Vyukov, 2021-04-21, 1 file, -0/+6)
  Commit empty files into generated packages, so that the tree is buildable even w/o generated files and Go tools continue to work.
* sys/openbsd: neutralize sysctl kern.maxproc (Anton Lindqvist, 2021-02-26, 2 files, -0/+14)
  Yet another root only knob that can cause the syz-execprog process to run out of resources[1].
  [1] https://syzkaller.appspot.com/bug?id=39e86177b5ccebb26f3dd60ab2bf261d40e485d7
* sys/openbsd: neutralize sysctl kern.witness (Anton Lindqvist, 2020-12-02, 2 files, -0/+12)
  Do not fiddle with witness since we explicit values as part of the kernel configuration in dashboard/config/openbsd.
* pkg/compiler: check for flags with all equal values (Dmitry Vyukov, 2020-11-13, 1 file, -1/+1)
  There is no point in having flags when values are equal. This can only mean a typo or other bug. Check for such cases and fix 3 existing precedents.
* sys/openbsd: add missing memory related syscalls (#2238) (Anton Lindqvist, 2020-11-02, 2 files, -0/+9)
* sys/targets: add OS/Arch name consts (Dmitry Vyukov, 2020-10-26, 1 file, -1/+2)
  We use strings to identify OS/Arch. These strings are duplicated throughout the code base massively. golangci-lint points to possibility of typos and duplication. We already had to define these names in pkg/csource and disable checking for prog package. A future change triggers such warnings in another package.
  Add OS/Arch name consts to sys/targets so that they can be used to refer to OS/Arch. Use the consts everywhere.
* sys/openbsd: fix linter warnings (Dmitry Vyukov, 2020-09-15, 1 file, -2/+2)
    sys/openbsd/init.go:58:36: Top level comment should end in a period
    // kCoverFd in executor/executor.cc
                                      ^
    sys/openbsd/init.go:60:38: Top level comment should end in a period
    // kOutPipeFd in executor/executor.cc
                                        ^
* sys/openbsd: neutralize sysctl kern.maxthread (Anton Lindqvist, 2020-08-14, 2 files, -9/+43)
  Yet another root only knob that can cause the syz-execprog process to panic[1]. Greg is currently working on sanitizing sysctl integer knobs in the OpenBSD kernel. This will improve the situation but preventing fiddling with this knob is a good call anyway.
  While here, restructure the code a bit making it easier to add sysctl neutralizers.
  [1] https://syzkaller.appspot.com/bug?id=40bcbbeb244998dfc4eeec90b8f8bce372882211
* sys/openbsd: neutralize clock_settime (Anton Lindqvist, 2020-08-05, 2 files, -0/+19)
  One of "no output from test machine" report causes[1].
  [1] https://syzkaller.appspot.com/text?tag=ReproSyz&x=10b0c7d8900000
* pkg/compiler: check for unused resources (Dmitry Vyukov, 2020-08-04, 3 files, -11/+6)
  If a resource is never used as an input, it is not useful. It's effectively the same as using an integer. Detect such cases, they are quite confusing. Fix all existing errors in descriptions.
  This uncovered some interesting bugs as well, e.g. use of a completely unrelated fd subtype after copy-paste (while the resource that was supposed to be used there is completely unused).
* sys/openbsd: break out rlimit (Anton Lindqvist, 2020-07-21, 1 file, -36/+41)
  In the hopes of lowering the cyclomatic complexity.
* sys/openbsd: remove hardcoded constants (Anton Lindqvist, 2020-07-21, 1 file, -10/+9)
* sys/openbsd: neutralize sysctl kern.maxclusters (Anton Lindqvist, 2020-07-21, 2 files, -10/+42)
  One of "no output from test machine" report causes[1]. Since it's a root only knob, disallow fiddling with it for now.
  [1] https://syzkaller.appspot.com/bug?id=a222a4193c0a9814e02fcc61b7343a5af04a7457
* tools/syz-linter: check variable declarations (Dmitry Vyukov, 2020-07-06, 1 file, -2/+2)
  Warn about:
    var x int = foo
  In most cases this can be expressed shorter as:
    var x int
    x := foo
    x := int(foo)
  Update #1876
* sys/openbsd: add missing wskbd ioctl descriptions (Anton Lindqvist, 2020-06-30, 2 files, -0/+72)
* sys/openbsd: neutralize yet another pf ioctl command (Anton Lindqvist, 2020-06-29, 4 files, -5/+15)
  Disarms the latest reproducer[1] for the discovered "no output from test machine" panic.
  While here, tidy up and improve comments.
  [1] https://syzkaller.appspot.com/bug?id=4c3b1ac22d6d7f1d9ebcad5469a28cb4562debda
* sys/openbsd: change type of sysctl namelen argument (Anton Lindqvist, 2020-05-27, 1 file, -26/+26)
  The namelen argument must reflect the number of elements in the name vector. Since it's a vector of integers, bytesize4 seems more appropriate.
  With help from Dmitry[1].
  [1] https://github.com/google/syzkaller/pull/1761#discussion_r430139775
* sys/openbsd: add sysctl descriptions (Anton Lindqvist, 2020-05-24, 2 files, -0/+418)
* Makefile: generate descriptions on-the-fly (Dmitry Vyukov, 2020-04-30, 2 files, -5494/+0)
  Checking in the generated descriptions files makes few things simpler, but causes pain for pull requests: (1) PRs that touch descriptions _always_ conflict, (2) PRs are large and harder to review, (3) people sometimes forget to add auto-generated files.
  The proposed way does not require us to hardcode lots of dependencies in the Makefile (which is nice) and seems to work. Let's see how it works.
  The main contributor-visible consequence is that the auto-generated files do not need to be checked-in now.
  Credit for figuring the Makefile magic goes to @melver.
  Fixes #1291
* pkg/compiler: deduplicate Types in descriptions (Dmitry Vyukov, 2020-04-26, 1 file, -2063/+3451)
  Add prog.Ref Type that serves as a proxy for real types and allows to deduplicate Types in generated descriptions. The Ref type is effectively an index in an array of types. Just before serialization pkg/compiler replaces real types with the Ref types and prepares corresponding array of real types. When a Target is registered in prog package, we do the opposite operation and replace Ref's with the corresponding real types.
  This brings improvements across the board: compiler memory consumption is reduced by 15%, test building time by 25%, descriptions size by 33%.
  Before:
    $ du -h sys/linux/gen
    54M sys/linux/gen
    $ time GOMAXPROCS=1 go test -p=1 -c ./prog
    real 0m54.200s
    real 0m53.883s
    $ time GOMAXPROCS=1 go install -p=1 ./tools/syz-execprog
    real 0m27.911s
    real 0m27.767s
    $ TIME="%e %P %M" GOMAXPROCS=1 time go tool compile ./sys/linux/gen
    20.59 100% 3200016
    20.97 100% 3445976
    20.25 100% 3209684
  After:
    $ du -h sys/linux/gen
    36M sys/linux/gen
    $ time GOMAXPROCS=1 go test -p=1 -c ./prog
    real 0m42.290s
    real 0m43.230s
    $ time GOMAXPROCS=1 go install -p=1 ./tools/syz-execprog
    real 0m24.337s
    real 0m24.727s
    $ TIME="%e %P %M" GOMAXPROCS=1 time go tool compile ./sys/linux/gen
    19.11 100% 2764952
    19.66 100% 2787624
    19.35 100% 2749376
  Update #1580
* sys/openbsd: extend vnet (Greg Steuck, 2020-04-26, 3 files, -7/+2349)
    * started with freebsd/vnet.txt
    * pruned unsupported items
    * gmake extract
    * gmake generate_sys
    * gmake format
* pkg/compiler: refactor attribute handling (Dmitry Vyukov, 2020-04-19, 2 files, -3/+3)
  Introduce common infrastructure for describing and parsing attributes instead of custom per-attribute code scattered across several locations.
  Change align attribute syntax from the weird align_N to align[N]. This also allows to use literal constants as N.
  Introduce notion of builtin constants. Currently we have only PTR_SIZE, which is needed to replace align_ptr with align[PTR_SIZE].
* executor: surround the data mapping with PROT_NONE pages (Dmitry Vyukov, 2020-04-18, 1 file, -1/+1)
  Surround the main data mapping with PROT_NONE pages to make virtual address layout more consistent across different configurations (static/non-static build) and C repros.
  One observed case before: executor had a mapping above the data mapping (output region), while C repros did not have that mapping above, as the result in one case VMA had next link, while in the other it didn't and it caused a bug to not reproduce with the C repro.
  The bug that reproduces only with the mapping above: https://lkml.org/lkml/2020/4/17/819
* prog: refactor target.MakeMmap (Dmitry Vyukov, 2020-04-18, 1 file, -1/+1)
  Make MakeMmap return more than 1 call. This is a preparation for future changes. Also remove addr/size as they are effectively always the same and can be inferred from the target (will also conflict with the future changes).
  Also rename to MakeDataMmap to better represent the new purpose: it's just some arbitrary mmap, but rather mapping of the data segment.
* sys/linux: use PROT_EXEC for the data section mmap (Dmitry Vyukov, 2020-04-18, 1 file, -1/+1)
  Turns out the mmap protection got out of sync between executor and C reproducers. C reproducers missed PROT_EXEC. Add PROT_EXEC for linux, freebsd and akaros.
* prog: improve TestDeserializeHelper (Dmitry Vyukov, 2020-03-24, 1 file, -6/+3)
  1. Allow to not provide Out if it's the same as In.
  2. Always check Out.
* prog: rename target.SanitizeCall to Neutralize (Dmitry Vyukov, 2020-03-17, 2 files, -6/+6)
  We will need a wrapper for target.SanitizeCall that will do more than just calling the target-provided function. To avoid confusion and potential mistakes, give the target function and prog function different names. Prog package will continue to call this "sanitize", which will include target's "neutralize" + more.
  Also refactor API a bit: we need a helper function that sanitizes the whole program because that's needed most of the time.
  Fixes #477
  Fixes #502
* prog: export deserialization test helper for sys/{linux,openbsd} (Dmitry Vyukov, 2020-03-17, 1 file, -52/+30)
  sys/{linux,openbsd} duplicate deserialization test logic as well. Export and reuse the existing helper function.
* pkg/compiler: calculate more precise sizes for arguments (Dmitry Vyukov, 2020-03-17, 1 file, -34/+34)
  If we have:
    ioctl(fd fd, cmd int32)
    ioctl$FOO(fd fd, cmd const[FOO])
  Currently we assume that cmd size in ioctl$FOO is sizeof(void*). However, we know that in ioctl it's specified as int32, so we can infer that the actual syscall size is 4.
  This massively reduces sizes of socket/setsockopt/getsockopt/ioctl and some other syscalls, which is good because we now use physical size in mutation/hints and some other places.
  This will also enable not morphing ioctl's into other ioctl's.
  Update #477
  Update #502
* sys/openbsd: prevent killing the ssh VM connection (Anton Lindqvist, 2020-03-05, 5 files, -7/+50)
  This is one of the root causes of the 'no output from test machine' panic. Issuing a DIOCKILLSTATES ioctl on a /dev/pf file descriptor will cause state associated with ongoing connections to be purged; effectively killing the ssh connection to the VM.
  Including net/pfvar.h is necessary in order to make use of the DIOCKILLSTATES define.
* sys/openbsd: remove unused define (Anton Lindqvist, 2020-03-04, 1 file, -2/+0)
* tools: add script that checks copyright headers (Dmitry Vyukov, 2020-02-18, 2 files, -0/+6)
  Fixes #1604
* prog: remove unused ResourceDesc.Type (Dmitry Vyukov, 2020-01-26, 1 file, -28/+28)
* pkg/serializer: do not write field names if it won't save space (Dmitry Vyukov, 2020-01-26, 1 file, -1129/+1129)
  If we are going to write all values, don't write field names. This only increases size of generated files.
  The change reduces size of generated files by 5.8% (62870496-59410354=3460142 bytes saved).
* pkg/compiler: don't mark flags with 0 as bitmask (Dmitry Vyukov, 2020-01-18, 1 file, -31/+31)
  They can't be a bitmask. This fixes important cases of "0, 1" and "0, 1, 2" flags.
  Fix some descriptions that added 0 to bitmasks explicitly (we should do it automatically instead).
* pkg/compiler: sort flags values (Dmitry Vyukov, 2020-01-18, 1 file, -72/+72)
  Will simplify runtime analysis of flags. Also just no reason to make it more deterministic and avoid unnecessary diffs in future if values are reordered.
* pkg/compiler: define fileoff template (Paul Chaignon, 2019-11-01, 1 file, -8/+8)
  Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
* sys/openbsd: add ktrace description (Anton Lindqvist, 2019-08-12, 3 files, -1/+51)
* sys/openbsd: add acct description (Anton Lindqvist, 2019-08-12, 3 files, -1/+8)
* sys/openbsd: add speaker descriptions (Anton Lindqvist, 2019-08-12, 3 files, -1/+50)
* sys/openbsd: prevent swap partition device nodes from being created (Anton Lindqvist, 2019-07-22, 2 files, -4/+15)
  Writing to the swap partition during fuzzing can lead to all kinds of corruptions[1].
  [1] https://syzkaller.appspot.com/bug?id=a2eca15e6e0be4be3ed1b0b2bab3332edc317b1c
* sys/openbsd: add diskmap descriptions (Anton Lindqvist, 2019-07-10, 3 files, -1/+51)
* sys/openbsd: add missing WSDISPLAYIO_SBURNER ioctl command (Anton Lindqvist, 2019-06-30, 3 files, -1/+14)
* sys/openbsd: correct setrlimit resource detection (Anton Lindqvist, 2019-06-18, 2 files, -1/+8)
  The sanitizer fails to sanitize programs like the following:
    setrlimit(0x10000000000002, &(0x7f0000000080))
    ...
  due to presence of the most significant bit. Therefore mask off all bits that cannot form a valid rlimit resource.
  This is one of the root causes of the high amount of reported "lost connection to test machine".